I have a question regarding User Deletion API for Google Analytics. We have a Property and View that does not collect UserID or ClientID as Custom Dimension, but we have a lot of PII data in our Events report (emails and phone numbers).
When i go to User Explorer i can get the ClientID, but unfortunately as far as i know this report is not available in any API versions of Google Analytics.
My question is HOW can i then delete all these PII without knowing the ClientID? I do not have a 360 account.
Unfortunately I think you've done your research correctly and I'm afraid there aren't more options available than what you already listed:
You have 2 ways of deleting data:
User Deletion API
Deleting views (I know it's too radical, but that's the only other option)
As for option 1, indeed, none of the reporting APIs expose the Client ID or the User ID, so you have 2 options:
Export the Client ID manually from the User Explorer report, but you won't be able tell which PII is associated with which Client ID
Implement a custom dimension to store the Client ID so you can then identify the corresponding PII, and automate that process if you want to
Related
I am trying to publish my React Native iOS app (which uses Firebase Analytics) on the App Store. The App Store requires me to specify what data is linked to the user.
The problem is: I cannot figure out whether Firebase Analytics links the data it collects to the user identity.
Specifically, I am unsure if Firebase Analytics links data from the following categories to the user identity: Contact Info, Identifiers, Diagnostics, Location, Usage Data, and Other Data. Can anyone advise?
I found Google documentation explaining how to enable/disable privacy settings: Privacy controls in Google Analytics
For location data, they state: "You have the option to enable/disable the collection of granular location-and-device data on a per-region basis. Analytics collects this data by default."
For user level data acccess, they state: "For Universal Analytics properties, you can pull event information for any given user identifier via the User Explorer report or the User Activity API. These features allow you to analyze and export event level data for a single user identifier. " -- I think this means that the data is in fact linked to user identities if you use Firebase Analytics.
We have a web app that users log into using Firebase Auth. According to our the authentication section of our firebase console, we have 690 user that have created accounts, and we believe that is correct.
According to our Firebase Analytics console, we have 2,100 new users in the past 90 days. I think I understand that Firebase Analytics tracks users with a device ID (?). So, if this were a iOS app, an uninstall and install would trigger a a new user counted in analytics. But, how does this work on a web app? Cookie? Some kind of browser id? A session?
So, I think if we want to track unique users accurately, we would use the set the user id, with this:
https://firebase.google.com/docs/reference/js/firebase.analytics.Analytics#setuserid
Which according to the docs linked above, 'Use gtag 'config' command to set 'user_id'. So it does this: https://developers.google.com/analytics/devguides/collection/gtagjs/cookies-user-id#set_user_id
Which allows the users to be tracked across sessions. Therefore, users should not double count.
Notice that the setUserId section in the firebase analytics docs does not have a web section (although the setUserID function does exist in the javascript sdk as shown tow links above) https://firebase.google.com/docs/analytics/userid
So... would it then work to get the user id (uid) when they log in (https://firebase.google.com/docs/reference/js/firebase.User). And then use the setUserId method to set the id?
It's unclear because the documentation does not seem to be in one source. I am just trying to put it all together
You are correct that you can use the setUserId API (across iOS, web and Android) in order to identify the same user across platforms. Note that you'll need to:
Set the default reporting identity to "By User-ID then Device" in the Reporting settings for Google Analytics in the Firebase console (see attached screenshot and docs for more info).
Make sure you are following the Privacy Policy when using the User ID.
Can you set up alerts in Google Analytics to flag potential PII/NPI such as name, email address, billing address, billing details etc.? If so, how?
First I have do say I do not understand the downvote(s). For example I have seen applications with user logins where a full name was part of the page title - combined with time based dimensions that gave profile that say which user looked at what page at what time, and that would be clearly illegal. Even worse I have seen a case where security tokens were transmitted to GA that allowed access to secured resources. So clearly accidental transmission of PII to Google Analytics is a real thing.
Unfortunately there is not much you can do about it. You can either do a custom report with relevant dimensions and have it sent to you for a manual audit, or pull them via the API and have them programmatically examined via regular expressions that look for patterns like e-mail addresses etc. But by the time you can do that it is already to late, the data will already be permanently recorded in the GA property.
You have to stop this before the data is collected - if at all possible already in the website (via form validation etc), or use Google Tag Manager with custom javascript variables with validation rules, or filters in the analytics view (the latter being cumbersome and not very promising for this purpose).
The good news is that GA will not suddendly start to track PII on it's own. So you only need to check if your GA account tracks PII when you set up the account. Collect a few days data, validate that everything is okay, make changes as necessary and after all flaws are straightened out copy the view to start data collection from scratch and drop the old view if it contains PII.
I'm wondering if it is possible to receive user specific information (frontend or backend) from Google Analytics.
For example: A user arrives on our site and we can read from Google Analytics, hey this person is XX years and has these interests.
I've read some blogs about Google Analytics and the cookies, from which it should be possible to extract the unique user ID (NOT given by us but by Google Analytics). Maybe that's where the identification could start.
Is it possible and if, how?
Kind regards!
What you are referring to is the Demographic and interest reports. This data comes to Google by the way of DoubleClick cookie.
What is the Double click cookie?
DoubleClick uses cookies to improve advertising. Some common applications are to target advertising based on what’s relevant to a user, to improve reporting on campaign performance, and to avoid showing ads the user has already seen.
User ID in Google analytics:
User ID enables the analysis of groups of sessions, across devices, using a unique, persistent, and non-personally identifiable ID string representing a user.
Note: The user id is used internally by Google Analytics its not possible for you to see this User id via the Website or the API.
Personal information:
The Google Analytics terms of service, which all Google Analytics customers must adhere to, prohibits sending personally identifiable information (PII) to Google Analytics (such as names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form. Your Google Analytics account could be terminated and your data destroyed if you use any of this information.
Answer: It is not possible to receive personal user specific information from Google Analytics, while it is possible for you to send this information yourself in the form of a custom dimension it is not advisable because it is against the terms of service.
The docs describe the clientId as:
This anonymously identifies a particular user, device, or browser instance.
https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters#cid
It can be used to send server side hits to analytics while still tying them to a particular user.
There is also a feature in closed beta called userId, which you will be able to pass once a user has authenticated: https://developers.google.com/analytics/devguides/collection/analyticsjs/user-id
userId is fairly self-explanatory. However, UA also allows you to pass your own clientid if you choose to. For developing CRM type tools, can one just associate the clientid with a user in the same way that you would with a userid? The goal is primarily to be able to track offline interactions and connect them with visitors in Analytics.
maembe,
clientID is a random number generated by Google Analytics, and keep in mind it's always required and its value should always be a random UUID (version 4) (you could technically use your own, but I am not sure how practical and reliable this would be). Most importantly, you can easily access it with predefined get function (see documentation).
For your needs, this is exactly what you should do -- if someone sings ups, store ClientID in your CRM and then if there is any offline purchase, record the transactions with measurement protocol using the stored clientID. Google Analytics will then make the link (attribution) with that visitor and you will see this in your reports. Also, take advantage of newly available custom metrics and dimensions which can store pretty much anything you want (think of customer segmentation etc.). Beware of storing PII though.
Hope this helps :)
I am curious how UserID is going to work, it might change everything, but for now, I wouldn't rely on it as there is very little information available.
This Analytics support page now states the differences between Client ID and User ID - https://support.google.com/analytics/answer/6205850?hl=en#clientid-userid
Essentially client IDs represent unauthenticated users, and are automatically randomly generated.
User IDs represent authenticated users, and must be set manually.
It's worth noting that user IDs cannot be things like an email address, or other data that would allow Google to identify the user
You will not upload any data that allows Google to personally identify an individual (such as certain names, Social Security Numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a unique device identifier if such an identifier cannot be reset).
If you upload any data that allows Google to personally identify an individual, your Google Analytics account can be terminated, and you may lose your Google Analytics data.
Taken from: https://developers.google.com/analytics/devguides/collection/protocol/policy
I'd imagine User ID is designed to differentiate the behavior of an authenticated user. here